Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 17 November 2006.
2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-17 is/are pending in the application.

4a) Of the above claim(s) 18-23 is/are withdrawn from consideration. 

5) □ Claim(s) is/are allowed.

6) ☒ Claim(s) 1-17 is/are rejected.

7) □ Claim(s) is/are objected to.

8) □ Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) □ The specification is objected to by the Examiner.

10) □ The drawing(s) filed on is/are: a) □ accepted or b) □ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. .

3. □ Copies of the certified copies of the priority documents have been received in this National Stage

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION

Election/Restrictions 

1. Applicant's election without traverse of claims 1-17 in the reply filed on November
17, 2006 is acknowledged. 

2. Claims 1-17 have been examined. Claims 18-23 are withdrawn. 

Claim Rejections - 35 USC §112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 1 and 12 recite the limitation "the session ticket ID" in 9. There is 
insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
6. Claims 1-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Mishra et al. ("Security Services Markup Language") in view of Hallam-Baker ("Security 
Assertions Markup Language"). 
As per claims 1, 7, 9 and 12:

Mishra discloses a network including at least one electronic device, a method of 
authentication of a web service customer, comprising: a web server receiving a request 
for access to a first web service; intercepting the request with an agent and collecting 
authentication credentials; determining whether the web service customer is 
authenticated and authorized; [Section 3.1: User-Driven Transactions (Single Sign-On); 
Section 4.1: Name assertions and Entitlements; Section 4.3: Authentication (auth) and 
authorization (Az) Services] if the web service customer is authenticated and 
authorized, creating a session and session ticket; returning an ID and the session ticket 
to the web server; sending the assertion to the first web service; and returning the 
assertion to the web service customer. [Section 3.1: User-Driven Transactions (Single 
Sign-On); Section 4.1: Name assertions and Entitlements; Section 4.3: Authentication 
(auth) and authorization (Az) Services] Mishra does not explicitly disclose encrypting the 
session ticket ID and a public key into an assertion. Hallam-Baker, in analogous art,
however, discloses encrypting the session ticket ID and a public key into an assertion.
[Section 2.3: Relying Server; Section 3.2: Ticket; Section 5.4: Session
Management/Distributed Log out]. It would have been obvious to one of ordinary skill in
the art at the time the invention was made to modify the method disclosed by Mishra with
Hallam-Baker in order to provide a compact data structure that identifies a particular
assertion in the minimal space available in a URL fragment or HTTP cookie (page 6,
Section 3.2: Ticket; Hallam-Baker).
As per claims 2, 10 and 13:

The combination of Mishra and Hallam-Baker teaches all the subject matter as 
discussed above. In addition, Mishra further discloses a method comprising: the web 
service customer inserting the assertion, and a signature into a document; receiving a 
request for access to a second web service; intercepting the request with the agent and 
collecting authentication credentials; determining whether the assertion is valid; if the 
assertion is valid, determining whether the web service customer is authenticated; and if 
the web service customer is authenticated, granting the web service customer access to 
the second web service. [Section 3.1: User-Driven Transactions (Single Sign-On); 
Section 4.1: Name assertions and Entitlements; Section 4.3: Authentication (auth) and 
authorization (Az) Services] 
As per claims 3, 8, 11 and 14:

The combination of Mishra and Hallam-Baker teaches all the subject matter as 
discussed above. In addition, Hallam-Baker further discloses a method wherein the 
request comprises a SAML assertion (page 4, 2. Abstract Data Flow).
As per claim 4: 

The combination of Mishra and Hallam-Baker teaches all the subject matter as 
discussed above. In addition, Mishra further discloses a method wherein receiving a 
request comprises the web server receiving a public key and a request for access to a 
web service. (Section 4.3: Authentication (auth) and authorization (Az) Services)
As per claims 5 and 15-16: 

The combination of Mishra and Hallam-Baker teaches all the subject matter as 
discussed above. In addition, Mishra further discloses a method wherein intercepting 
the request comprises an XML agent intercepting the request and gathering 
authentication credentials. (Section 2.3: Services) 
As per claims 6 and 17: 

The combination of Mishra and Hallam-Baker teaches all the subject matter as 
discussed above. In addition, Mishra further discloses a method wherein determining 
whether the web service customer is authenticated and authorized comprises 
comparing the web service customer with a database containing authentication and 
authorization data. (Section 4.3: Authentication (auth) and authorization (Az) Services) 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See Form PTO-892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Shewaye Gelagay whose telephone number is 571-272- 
4219. The examiner can normally be reached on 8:00 am to 5:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Shewaye Gelagay 